Note: GitHub-hosted runners are not currently supported on GitHub Enterprise Server. You can see more information about planned future support on the GitHub public roadmap.
About GitHub Actions on GitHub Enterprise Server
This article explains how site administrators can configure GitHub Enterprise Server to use GitHub Actions.
GitHub Actions is not enabled for GitHub Enterprise Server by default. You'll need to determine whether your instance has adequate CPU and memory resources to handle the load from GitHub Actions without causing performance loss, and possibly increase those resources. You'll also need to decide which storage provider you'll use for the blob storage required to store artifacts and caches generated by workflow runs. Then, you'll enable GitHub Actions for your enterprise, manage access permissions, and add self-hosted runners to run workflows.
Before you get started, you should make a plan for how you'll introduce GitHub Actions to your enterprise. For more information, see "Introducing GitHub Actions to your enterprise."
If you're migrating your enterprise to GitHub Actions from another provider, there are additional considerations. For more information, see "Migrating your enterprise to GitHub Actions."
Review hardware requirements
The CPU and memory resources available to your GitHub Enterprise Server instance determine the number of jobs that can be run concurrently without performance loss. GitHub recommends a minimum of 8 vCPU and 64 GB memory to run GitHub Actions.
The peak quantity of concurrent jobs running without performance loss depends on such factors as job duration, artifact usage, number of repositories running Actions, and how much other work your instance is doing not related to Actions. Internal testing at GitHub demonstrated the following performance targets for GitHub Enterprise Server on a range of CPU and memory configurations:
vCPUs | Memory | Maximum Concurrency |
---|---|---|
8 | 64 GB | 740 jobs |
16 | 128 GB | 1250 jobs |
32 | 160 GB | 2700 jobs |
64 | 256 GB | 4500 jobs |
96 | 384 GB | 7000 jobs |
GitHub measured maximum concurrency using multiple repositories, job duration of approximately 10 minutes, and 10 MB artifact uploads. You may experience different performance depending on the overall levels of activity on your instance.
Note: Beginning with GitHub Enterprise Server 3.5, GitHub's internal testing uses 3rd generation CPUs to better reflect a typical customer configuration. This change in CPU represents a small portion of the changes to performance targets in this version of GitHub Enterprise Server.
If you plan to enable GitHub Actions for the users of an existing instance, review the levels of activity for users and automations on the instance and ensure that you have provisioned adequate CPU and memory for your users. For more information about monitoring the capacity and performance of GitHub Enterprise Server, see "Monitoring your appliance."
For more information about minimum hardware requirements for your GitHub Enterprise Server instance, see the hardware considerations for your instance's platform.
For more information about adjusting resources for an existing instance, see "Increasing storage capacity" and "Increasing CPU or memory resources."
Optionally, you can limit resource consumption on your GitHub Enterprise Server instance by configuring a rate limit for GitHub Actions. For more information, see "Configuring rate limits."
External storage requirements
To enable GitHub Actions on GitHub Enterprise Server, you must have access to external blob storage.
GitHub Actions uses external blob storage to store data generated by workflow runs. Stored data includes workflow logs, caches, and user-uploaded build artifacts. The amount of storage required depends on your usage of GitHub Actions. Only a single external storage configuration is supported, and you can't use multiple storage providers at the same time.
All other GitHub Actions data, such as the workflow files in a repository's file structure, are stored on the data storage volume for your GitHub Enterprise Server instance.
GitHub Actions supports these storage providers:
- Azure Blob storage
- Amazon S3
- S3-compatible MinIO cluster
Note: These are the only storage providers that GitHub supports and can provide assistance with.
There are other S3 API-compatible storage products that GitHub partners have self-validated as working with GitHub Actions on GitHub Enterprise Server. For more information, see the GHES Storage Partners repository.
For storage products validated through the GitHub Technology Partnership program, the storage provider is responsible for support and documentation for using the storage product with GitHub Actions.
Networking considerations
If GitHub Actions is enabled for your enterprise, only HTTP proxies are supported. SOCKS5 and HTTPS proxies are not supported. For more information about using a proxy with GitHub Enterprise Server, see "Configuring an outbound web proxy server."
Enabling GitHub Actions with your storage provider
Follow one of the procedures below to enable GitHub Actions with your chosen storage provider:
- Enabling GitHub Actions with Azure Blob storage
- Enabling GitHub Actions with Amazon S3 storage
- Enabling GitHub Actions with MinIO storage
Managing access permissions for GitHub Actions in your enterprise
You can use policies to manage access to GitHub Actions. For more information, see "Enforcing policies for GitHub Actions in your enterprise."
Adding self-hosted runners
Note: GitHub-hosted runners are not currently supported on GitHub Enterprise Server. You can see more information about planned future support on the GitHub public roadmap.
To run GitHub Actions workflows, you need to add self-hosted runners. You can add self-hosted runners at the enterprise, organization, or repository levels. For more information, see "Adding self-hosted runners."
Managing which actions can be used in your enterprise
You can control which actions your users are allowed to use in your enterprise. This includes setting up GitHub Connect for automatic access to actions from GitHub.com, or manually syncing actions from GitHub.com.
For more information, see "About using actions in your enterprise."
General security hardening for GitHub Actions
If you want to learn more about security practices for GitHub Actions, see "Security hardening for GitHub Actions."
Reserved names
When you enable GitHub Actions for your enterprise, two organizations are created: github
and actions
. If your enterprise already uses the github
organization name, github-org
(or github-github-org
if github-org
is also in use) will be used instead. If your enterprise already uses the actions
organization name, github-actions
(or github-actions-org
if github-actions
is also in use) will be used instead. Once actions is enabled, you won't be able to use these names anymore.